1. Field of the Invention
The present invention relates to a network service user authentication system which performs an authentication of an authorized user by using vital information regarding the user in transmitting or receiving information through an open network.
2. Description of the Related Art
Recently, business transactions using open networks such as the Internet have been vigorously spreading and users can enjoy network services such as desired commodity purchasing transactions, securities transactions, information offering or the like using terminals such as personal computers or portable telephones. In such an environment, the users can receive targeted services without actually going out of their way to stores and hence can enjoy the availability that they are not restricted by time and places.
Contrary to such a convenient environment, however, in the open network, there exists a possibility of an illegal act in which an unauthorized third party receives a service or the like by disguising himself as a legitimate user. Accordingly, conventionally, as means for confirming the identity of a legitimate on authorized user, a system which uses a digital signature or an authentication certificate based on an open key/secret key cryptogram (hereinafter called “digital signature system”) has been popularly used.
Although this digital signature system is a system which is highly effective in terms of security over the network, the user authentication only confirms a person who owns the authentication certificate and secret key and does not confirm whether the user is a genuinely authorized legitimate or not. Accordingly, there still exists a possibility that a third party can perform transactions by disguising himself as the authorized user.